Charlie Harvey

Allow mixed https/http content on Iceweasel/Firefox 23 and above

Firefox blocking mixed content

Since version 23, Firefox has started blocking "mixed content" — pieces of an HTML page that are delivered over an insecure, unencrypted connection when browsing an SSL-encrypted page. Now this is probably the right thing to do. Most of the time. And there is a subtle little shield thingummy that tells you that it has done this. There is even a way to ignore the blocking. But it is not obvious how to make te change permanent.

My use case is for work where part of our web infrastructure displays an http page in an iframe on an https page. There is a reasonable reason for doing it this way. But it also means that I want the default behaviour in my Firefox to remain in the pre-23 state.

It turns out that it is fairly easy to tweak the about:config to sort out the annoyance. Thought of course it will make Firefox less secure.

Allowing mixed content display in firefox 23

  • Type about:config into the addressbar. You may get a warning, click that you know what you’re doing.
  • Below the addressbar appears a search field. Type security*mixed into the field and you should see the mixed content related settings.
  • Change "security.mixed_content.block_active_content" to false.


  • Be respectful. You may want to read the comment guidelines before posting.
  • You can use Markdown syntax to format your comments. You can only use level 5 and 6 headings.
  • You can add class="your language" to code blocks to help highlight.js highlight them correctly.

Privacy note: This form will forward your IP address, user agent and referrer to the Akismet, StopForumSpam and Botscout spam filtering services. I don’t log these details. Those services will. I do log everything you type into the form. Full privacy statement.